Categories of Cyber Threat


Several cyber warfare experts had commonly held to the fact that threats and attacks launched through the cyber domain are multi-faceted. Recent adversaries, such as Islamic State or its remnants and derivatives – and future adversaries, be they state or non-state actors – will attempt to exploit a sovereign’s defence systems for their own military advantage through cyberspace.

In their 2010 book ‘Cyber Wars’, co-authors Ronald Deibert and Rafal Rohozinski, from the OpenNet Initiative at Toronto University, identify ‘risks to cyberspace’ and ‘risks through cyberspace’ although, in a military policy and doctrinal context, they are plainly discussing various forms of threats. These threats, put in context, include those targeting networked military hardware and stand-alone government, military and industrial systems.

Subsequently, Richard Harknett, a US-UK Fulbright Professor in Cyber Security, Oxford University, UK (2017) ventured to categorise threat actors in the cyber domain in three groupings, namely State Actors, State Proxies and Non-State Actors.

For example, the US has identified China, Russia, Iran and North Korea as the most prominent ‘States Actors’ in the cyber domain. In all cases, states are somewhat constrained by international law, norms, diplomacy and deterrence. However, they may take increased risks in the cyber domain due to the inherent difficulty in attributing and responding to attacks through the cyberspace.

Whereas, ‘State Proxies’ are reliant on states for funding, training and technological access. State Proxies are thus able to conduct cyber operations while their sponsor maintains plausible deniability. China, in particular, has focused on making maximum use of the skills present in its civilian workforce to develop ‘cyber militias’, which could potentially be categorised as state-proxies depending on how they are employed.

On the other hand, ‘Non-State Actors’ range from criminal groups committing frauds via the Internet to violent extremists, such as Islamic State, which pursue aggressive intelligence gathering and propaganda campaigns. The absence of state control reduces the constraints on such groups, with the cyber domain enabling them exponentially to increase their reach.

Illustration: Rafal Rohozinski,

Be the first to comment

Leave a Reply

Your email address will not be published.